Decrypt LOL


Restoring Reflective Code Loading on macOS After API Changes


🦠 Restoring Reflective Code Loading on macOS After Apple’s API Changes. The Objective-See Foundation’s Patrick Wardle discusses how Apple’s recent modifications to macOS APIs have disabled reflective code loading, a technique often used by malware to execute code directly from memory and so evade detection tools that rely on files on disk. While Apple’s changes enforce file-based loading, Wardle presents a straightforward method to restore this capability with a custom loader built from Apple’s open-source loader code. With this approach, in-memory payloads execute without ever being written to disk, preserving their stealth against security tools. The article also hints at upcoming strategies for defenders to counter these stealthy techniques, emphasizing the ongoing cat-and-mouse game between malware authors and cybersecurity professionals.
